IOCTA 2015

  • Cybercrime is becoming more aggressive and confrontational. Various forms of extortion requiring little technical skill suggest changes in the profile of cybercrime offenders, and increase the psychological impact on victims.
  • While there may always be a need for laws which compel private industry to cooperate with law enforcement, there is greater benefit in establishing and building working relationships in order to stimulate the voluntary and proactive engagement of the private sector.
  • Malware predictably remains a key threat for private citizens and businesses. Ransomware attacks, particularly those incorporating encryption, were identified as a key threat both in terms of quantity and impact. Information stealers, such as banking Trojans, and the criminal use of Remote Access Tools (RATs) also feature heavily in malware investigations.
  • Due to the support for many of the ‘old school’ banking Trojans such as Zeus, Citadel or Spyeye being withdrawn, either voluntarily or as a result of law enforcement action, the use of many of these products is in decline, paving the way for a new generation of malware such as Dyre or Dridex.
  • The number and frequency of publicly disclosed data breaches is dramatically increasing, highlighting both a change in attitude by industry and that data is still a key target and commodity for cybercriminals. Such breaches, particularly when sensitive personal data is disclosed, inevitably lead to secondary offences as the data is used for fraud and extortion.
  • Social engineering is a common and effective tool used for anything from complex multi-stage cyber-attacks to fraud. CEO fraud is one such threat which is emerging, leading to significant losses for individual companies and requiring little technical knowledge to commit.
  • Payment fraud has seen a further shift to card-not-present fraud, and is increasing in line with the growing number of merchants embracing e-commerce and the implementation of effective measures to combat skimming and card-present fraud. While card-present fraud is slightly in decline, novel malware attacks on ATMs are still evolving.
  • Rather than devising novel attack methods, most cyber-attacks rely on existing, tried and tested exploits, malware code and methodologies such as social engineering, which are re-used and recycled to create new threats.
  • The lack of digital hygiene and security awareness contributes to the long lifecycle and continued sales of exploit kits and other basic products through CaaS models, bringing opportunities and gain to the criminal masses.
  • Operation Onymous resulted in an unprecedented mass takedown of Darknet marketplaces and disruption of market interactions. The underground ecosystem has since recovered to some degree but confidence has been further eroded by exit scams at a number of prominent marketplaces.
  • In the aftermath of Operation Onymous, there were many proponents for a shift to allegedly more secure platforms such as I2P. This has not occurred, however, and Tor remains the preferred platform for underground fora and marketplaces.
  • Growing Internet coverage in developing countries and the development of pay-as-you-go streaming solutions providing a high degree of anonymity to the viewer are furthering the trend in the commercial live streaming of child sexual abuse.
  • Growing numbers of children and teenagers own smartphones that they use to access social media and communication apps. This enables the generation and distribution of large amounts of self-generated indecent material (SGIM), which makes these adolescents vulnerable to sexual extortion.
  • The use of anonymisation and encryption technologies is widening. Although these address a legitimate need for privacy, they are exploited by criminals. Attackers and abusers use these to protect their identities, communications, data and payment methods.
  • Bitcoin is establishing itself as a single common currency for cybercriminals within the EU. Bitcoin is no longer used preferentially within Darknet marketplaces but is increasingly being adopted for other types of cybercrime as well.